smatch_data/kernel.clears_argument: add more functions
[smatch.git] / smatch_untracked_param.c
blob11d64c453c95b1f69a7ef323b804e5b120a670da
1 /*
2 * Copyright (C) 2014 Oracle.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
19 * Sometimes we aren't able to track a variable through a function call. This
20 * usually happens because a function changes too many variables so we give up.
21 * Another reason this happens is because we call a function pointer and there
22 * are too many functions which implement that function pointer so we give up.
23 * Also maybe we don't have the database enabled.
25 * The goal here is to make a call back so what if we call:
27 * frob(&foo);
29 * but we're not able to say what happens to "foo", then let's assume that we
30 * don't know anything about "foo" if it's an untracked call.
34 #include "smatch.h"
35 #include "smatch_slist.h"
36 #include "smatch_extra.h"
38 static int my_id;
39 static unsigned long tracked;
41 STATE(untracked);
42 STATE(lost);
44 typedef void (untracked_hook)(struct expression *call, int param);
45 DECLARE_PTR_LIST(untracked_hook_list, untracked_hook *);
46 static struct untracked_hook_list *untracked_hooks;
47 static struct untracked_hook_list *lost_hooks;
49 void add_untracked_param_hook(void (func)(struct expression *call, int param))
51 untracked_hook **p = malloc(sizeof(untracked_hook *));
52 *p = func;
53 add_ptr_list(&untracked_hooks, p);
56 static void call_untracked_callbacks(struct expression *expr, int param)
58 untracked_hook **fn;
60 FOR_EACH_PTR(untracked_hooks, fn) {
61 (*fn)(expr, param);
62 } END_FOR_EACH_PTR(fn);
65 void add_lost_param_hook(void (func)(struct expression *call, int param))
67 untracked_hook **p = malloc(sizeof(untracked_hook *));
68 *p = func;
69 add_ptr_list(&lost_hooks, p);
72 static void call_lost_callbacks(struct expression *expr, int param)
74 untracked_hook **fn;
76 FOR_EACH_PTR(lost_hooks, fn) {
77 (*fn)(expr, param);
78 } END_FOR_EACH_PTR(fn);
81 static void assume_tracked(struct expression *call_expr, int param, char *key, char *value)
83 tracked = 1;
86 static char *get_array_from_key(struct expression *expr, int param, const char *key, struct symbol **sym)
88 struct expression *arg;
90 arg = get_argument_from_call_expr(expr->args, param);
91 if (!arg)
92 return NULL;
93 if (arg->type != EXPR_PREOP || arg->op != '&')
94 return NULL;
95 arg = arg->unop;
96 if (!is_array(arg))
97 return NULL;
98 arg = get_array_base(arg);
100 return expr_to_var_sym(arg, sym);
103 static void mark_untracked_lost(struct expression *expr, int param, const char *key, int type)
105 char *name;
106 struct symbol *sym;
108 while (expr->type == EXPR_ASSIGNMENT)
109 expr = strip_expr(expr->right);
110 if (expr->type != EXPR_CALL)
111 return;
113 name = get_name_sym_from_key(expr, param, key, &sym);
114 if (!name || !sym) {
115 name = get_array_from_key(expr, param, key, &sym);
116 if (!name || !sym)
117 goto free;
120 if (type == LOST_PARAM)
121 call_lost_callbacks(expr, param);
122 call_untracked_callbacks(expr, param);
123 set_state(my_id, name, sym, &untracked);
124 free:
125 free_string(name);
129 void mark_untracked(struct expression *expr, int param, const char *key, const char *value)
131 mark_untracked_lost(expr, param, key, UNTRACKED_PARAM);
134 void mark_lost(struct expression *expr, int param, const char *key, const char *value)
136 mark_untracked_lost(expr, param, key, LOST_PARAM);
139 static int lost_in_va_args(struct expression *expr)
141 struct symbol *fn;
142 char *name;
143 int is_lost;
145 fn = get_type(expr->fn);
146 if (!fn || !fn->variadic)
147 return 0;
149 is_lost = 1;
150 name = expr_to_var(expr->fn);
151 if (name && strstr(name, "print"))
152 is_lost = 0;
153 free_string(name);
155 return is_lost;
158 static void match_after_call(struct expression *expr)
160 struct expression *arg;
161 struct symbol *type;
162 int i;
164 if (lost_in_va_args(expr))
165 tracked = 0;
167 if (tracked)
168 return;
170 i = -1;
171 FOR_EACH_PTR(expr->args, arg) {
172 i++;
174 type = get_type(arg);
175 if (!type || type->type != SYM_PTR)
176 continue;
178 call_untracked_callbacks(expr, i);
179 set_state_expr(my_id, arg, &untracked);
180 } END_FOR_EACH_PTR(arg);
184 static void mark_all_params(int return_id, char *return_ranges, int type)
186 struct symbol *arg;
187 int param;
189 param = -1;
190 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
191 param++;
193 if (!arg->ident)
194 continue;
195 sql_insert_return_states(return_id, return_ranges,
196 type, param, "$", "");
197 } END_FOR_EACH_PTR(arg);
201 void mark_all_params_untracked(int return_id, char *return_ranges, struct expression *expr)
203 mark_all_params(return_id, return_ranges, UNTRACKED_PARAM);
206 void mark_all_params_lost(int return_id, char *return_ranges, struct expression *expr)
208 mark_all_params(return_id, return_ranges, LOST_PARAM);
211 static void print_untracked_params(int return_id, char *return_ranges, struct expression *expr)
213 struct sm_state *sm;
214 struct symbol *arg;
215 int param;
216 int type;
218 param = -1;
219 FOR_EACH_PTR(cur_func_sym->ctype.base_type->arguments, arg) {
220 param++;
222 if (!arg->ident)
223 continue;
225 if (__bail_on_rest_of_function) {
226 /* hairy functions are lost */
227 type = LOST_PARAM;
228 } else if ((sm = get_sm_state(my_id, arg->ident->name, arg))) {
229 if (slist_has_state(sm->possible, &lost))
230 type = LOST_PARAM;
231 else
232 type = UNTRACKED_PARAM;
233 } else {
234 continue;
237 sql_insert_return_states(return_id, return_ranges,
238 type, param, "$", "");
239 } END_FOR_EACH_PTR(arg);
242 static void match_param_assign_in_asm(struct statement *stmt)
244 struct expression *expr;
245 struct asm_operand *op;
246 struct symbol *type;
247 int param;
249 FOR_EACH_PTR(stmt->asm_inputs, op) {
250 expr = strip_expr(op->expr);
251 type = get_type(expr);
252 if (!type || type->type != SYM_PTR)
253 continue;
254 param = get_param_num(expr);
255 if (param < 0)
256 continue;
257 set_state_expr(my_id, expr, &untracked);
258 } END_FOR_EACH_PTR(op);
261 void register_untracked_param(int id)
263 my_id = id;
265 select_return_states_hook(INTERNAL, &assume_tracked);
266 select_return_states_hook(UNTRACKED_PARAM, &mark_untracked);
267 select_return_states_hook(LOST_PARAM, &mark_lost);
268 add_hook(&match_after_call, FUNCTION_CALL_HOOK_AFTER_DB);
270 add_split_return_callback(&print_untracked_params);
272 add_hook(&match_param_assign_in_asm, ASM_HOOK);
274 add_function_data((unsigned long *)&tracked);